Cybersecurity & Networking

  • In order to assess the network security landscape over the last 12-24 months, as well as what the priorities over the next 12-24 months are expected to be, ESG surveyed 265 IT security professionals representing enterprise-class (i.e., 1,000 employees or more) organizations in North America (United States and Canada). All respondents were personally responsible for evaluating, purchasing, and managing network security technology products and services.

    Survey participants represented a wide range of industries including manufacturing, financial, healthcare, and communications and media, among others.


  • Network Security Trends

    This Master Survey Results presentation focuses on the current state of network security, including current strategies and challenges, and how these are guiding the current and (expected) future usage of foundational network security technologies.

    Topics covered include:

    • Modern network security challenges.
    • The confusion around “zero trust.”
    • Top considerations for SDP and microsegmentation initiatives.
    • The state of the DDoS prevention market.
    • Third-party deception tool adoption drivers.


  • RSA 2020: A Review

    RSA 2020 had an uninvited guest, Covid-19. Fist bumps replaced handshakes while hand sanitizing stations seemed ubiquitously stationed throughout the Moscone Center. Attendance seemed to be down due to factors like the virus panic and the withdrawal of major players like AT&T, IBM, and Verizon.

    While lots of people pulled back, the ESG team was in full attendance. Here are a few of our observations and thoughts on RSA 2020:


  • With RSA Conference 2020 now in the rearview mirror, my colleague John Grady and I discuss the theme of the conference in this video blog, the human element. After acknowledging the importance of community, we explore how the emergence of software-defined perimeters (SDP) will help secure a variety of user access use cases. We also discuss how the broad adoption of cloud services is necessitating a retooling of identity and access management programs from SSO to MFA, privileged access management, and user activity analytics. We wrap up by noting how much we enjoyed seeing so much of our community at our annual Enterprise Strategy Group Breakfast at RSA Conference event.

    For additional coverage, see Jon Oltsik’s blog: RSA 2020: A Review.

  • Trends in Endpoint Security

    ESG conducted a comprehensive online survey of IT and cybersecurity professionals from private- and public-sector organizations in North America (United States and Canada) between September 23, 2019 and October 2, 2019. To qualify for this survey, respondents were required to be responsible for evaluating, purchasing, and managing endpoint security technology products and services.

    This Master Survey Results presentation focuses on modern endpoint security challenges, plans, and strategies to understand the drivers of endpoint security investments and how decision makers are prioritizing and timing purchase decisions.


  • While ransomware is not a new cyber-threat, largely entering the cybersecurity scene in 2016 and 2017 with a number of high-profile attacks, research conducted by Enterprise Strategy Group reveals that a majority of organizations continued to experience ransomware attacks in 2019, representing a concern for both business and IT leadership teams. The research further reveals the prominence of cybersecurity insurance policies, and the relationship between ransomware payouts and those companies that hold these policies. A subset of organizations with cybersecurity insurance report that their providers are advising, and possibly even pressuring, them to pay cyber ransoms, further fueling the success rates and the economy built around ransomware. This disturbing trend sets the stage for the continuance of ransomware, and an opportunity for criminals to exploit those organizations that have engaged with cybersecurity insurance companies.

    For more information or to discuss these findings with an analyst, please contact us.

  • Introducing Enterprise Strategy Group’s Modern Email Security Video Series

    As part of my ongoing research around modern email security, I am shooting a series of video interviews with leaders from several email security solution providers, talking about the current email threat landscape and strategies for defending against those threats. My goal is to make these educational, explaining what’s happening on both the attacker side and the defender side.

    I’ll be talking with a variety of industry experts from very small security companies to the largest of email security providers, covering specific defensive techniques to broad, cross-vector strategies that include email security. Most of these will be shot in our ESG Studios, but I may end up with a few shot on location in my travels.

    Leading off the series, I’m talking with DJ Sampath, founder of Armorblox Security. Armorblox has built a natural language understanding platform that can be used to help organizations fight business email compromise (BEC), among other email-related threats. DJ explains the challenges associated with stopping business email compromise, introduces natural language processing (NLP), and talks about how Armorblox has applied NLP to stop BEC attacks. We shot this one in two five-minute increments, so please enjoy the series. This is the first of many to come!

    Part 1 with DJ Sampath from Armorblox

    Part 2 with DJ Sampath from Armorblox

  • As part of the ESG annual IT spending intentions research for 2020, respondents were asked to identify the area where their organizations have a problematic shortage of skills. Cybersecurity topped the list of problematic skills shortage areas, just as it has for the past 9 years.


  • The Expanding Role of DevSecOps Practices

    ESG conducted research in the fall of 2019 to examine the composition of cloud-native applications, explore the challenges associated with securing cloud-native environments, and gauge the emergence of secure DevOps programs, or “DevSecOps,” as a methodology to protect the lifecycle of modern applications. The number of organizations that have implemented or plan to implement secure DevOps practices has grown appreciably since ESG’s similar study in 2017, leading to an expanded set of use cases and, over time, broader coverage of an organization’s footprint of cloud-native applications. DevSecOps, for the purposes of this ESG brief, is the automation of security via the integration of cybersecurity controls and processes in the continuous integration and continuous delivery (CI/CD) pipeline of DevOps.


  • The Cybersecurity Awareness Conundrum

    It is an obvious move to provide cybersecurity awareness training to employees to ensure their secure use of the company network across multiple cloud and hybrid environments—and it is an arguably altruistic bonus to enhance employee personal life cybersecurity. But does cybersecurity training accomplish what we want it to? Does it effectively stop users from clicking on malicious links in phishing emails or help them recognize a seemingly innocuous email that might offer privileged access to an attacker? Some say yes; some say no. ESG conducted several studies in 2019 that provide insight into respondents’ use of cybersecurity awareness training and their perception of the service.


  • Today’s announcement of Mimecast acquiring Segasec should help companies close another important gap in the race against the rampant phishing and credential theft attacks.

    As Mimecast builds out their Email 3.0 strategy, the acquisition of Segasec will put the heat on bad actors who are busy stealing credentials by impersonating many of the world’s biggest companies. With so many phishing attacks attempting to lead users to fake or impersonated web sites where they unknowingly give up login credentials and other sensitive information, many of the largest online companies become the biggest targets.

    Mimecast continues to extend their email security platform to protect against the growing email-led threat vector. While many email security companies have implemented filtering techniques to detect and slow down URL and domain spoofing, impersonation sites have been left unattended. Segasec’s subscription service proactively hunts down impersonation sites and shuts them down. This is kind of like going after the drug dealer’s home instead of the drug user. To accomplish this, Segasec continuously monitors domain name registrations, certificates, social networks, and more, looking for indications of impersonation. And when they find them, they have several methods of blocking access or taking down the impersonated sites.

  • Digital Work Survey: Cybersecurity Takeaways

    Enterprise Strategy Group recently completed an interesting study where, rather than surveying IT buyers and practitioners as is normally the case, we targeted employees in non-IT roles like sales, human resources, marketing, and finance. This provided a view of how the typical worker thinks about technology and the impact it has on their professional life. While a lot of the survey focused on end-user-focused processes and technologies (mobile devices, applications, voice assistants), respondents were also asked for their perspectives on cybersecurity.

    The cybersecurity results are reviewed in detail in this ESG Brief, but some of the high level takeaways included:

    • Threats are exacerbated by risky employee behavior – between one in five and one-third of employees report downloading personal applications to work devices, sharing sensitive information on public Wi-Fi networks, or disabling/removing AV software. The numbers are even higher for certain types of workers (mobile, senior managers, younger). When cybersecurity best practices get in the way of productivity or convenience, workers will obviously cut corners.
    • Passwords remain an issue – nearly three-quarters of workers report reusing passwords at least occasionally. This isn’t surprising given device and application sprawl, but it is still worrisome. Single sign-on/password manager technologies are at the top of the list of technologies that workers want in order to alleviate the frustrating and productivity-draining process of managing multiple passwords.
    • Awareness training is becoming more common, but is still not pervasive – 60% of workers report participating in required cybersecurity training, but only 43% said it was a recurring practice. Companies don’t want to burden their employees with unnecessary or unproductive training. However, when done right, cyber awareness training can make a meaningful difference. But this requires going past just checking the box and creating an iterative program of training and testing that focuses on the most vulnerable vectors and employees.

    Overall, my takeaway was that cybersecurity vendors need to spend more time on the user aspect of security. Accounting for the views of those who are on the top line will become increasingly important as cybersecurity continues to move into the mainstream. That’s happened within the IT department, but there’s still room to grow among the non-IT employee base.